Wifi Diagnostic Tool Sepolicy am: db0a7dd682 am: 0cc0a15dd9

Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/20817870

Change-Id: I4b22c2b81d4aa98f6f1561bdb0224ea05abc0af9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

6 files changed, 39 insertions, 0 deletions

diff --git a/wifi_diagnostic/file_contexts b/wifi_diagnostic/file_contexts
new file mode 100644
index 0000000..f0a40d5
--- /dev/null
+++ b/wifi_diagnostic/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/wifi_diagnostic        u:object_r:wifi_diagnostic_exec:s0
diff --git a/wifi_diagnostic/hal_wifi_supplicant_default.te b/wifi_diagnostic/hal_wifi_supplicant_default.te
new file mode 100644
index 0000000..9cd58c1
--- /dev/null
+++ b/wifi_diagnostic/hal_wifi_supplicant_default.te
@@ -0,0 +1,3 @@
+userdebug_or_eng(`
+allow hal_wifi_supplicant_default wifi_diagnostic:unix_dgram_socket sendto;
+')
diff --git a/wifi_diagnostic/logger_app.te b/wifi_diagnostic/logger_app.te
new file mode 100644
index 0000000..0fc09a3
--- /dev/null
+++ b/wifi_diagnostic/logger_app.te
@@ -0,0 +1,3 @@
+userdebug_or_eng(`
+  set_prop(logger_app, vendor_wifi_diagnostic_prop)
+')
diff --git a/wifi_diagnostic/property.te b/wifi_diagnostic/property.te
new file mode 100644
index 0000000..ad69f65
--- /dev/null
+++ b/wifi_diagnostic/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_wifi_diagnostic_prop)
diff --git a/wifi_diagnostic/property_contexts b/wifi_diagnostic/property_contexts
new file mode 100644
index 0000000..2348204
--- /dev/null
+++ b/wifi_diagnostic/property_contexts
@@ -0,0 +1,2 @@
+vendor.wifi.diagnostic.start                              u:object_r:vendor_wifi_diagnostic_prop:s0
+vendor.wifi.diagnostic.reassocBssid                       u:object_r:vendor_wifi_diagnostic_prop:s0
diff --git a/wifi_diagnostic/wifi_diagnostic.te b/wifi_diagnostic/wifi_diagnostic.te
new file mode 100644
index 0000000..23a39d3
--- /dev/null
+++ b/wifi_diagnostic/wifi_diagnostic.te
@@ -0,0 +1,29 @@
+type wifi_diagnostic, domain;
+type wifi_diagnostic_exec, exec_type, vendor_file_type, file_type;
+
+# make transition from init to its domain
+userdebug_or_eng(`
+init_daemon_domain(wifi_diagnostic)
+net_domain(wifi_diagnostic)
+
+# daemon
+allow wifi_diagnostic wifi_logging_data_file:dir create_dir_perms;
+allow wifi_diagnostic wifi_logging_data_file:file create_file_perms;
+allow wifi_diagnostic vendor_shell_exec:file execute_no_trans;
+allow wifi_diagnostic wifi_diagnostic_exec:file execute_no_trans;
+allow wifi_diagnostic self:capability net_admin;
+allow wifi_diagnostic self:udp_socket ioctl;
+allowxperm wifi_diagnostic self:udp_socket ioctl { SIOCETHTOOL SIOCDEVPRIVATE };
+
+# wpa_cli
+allow wifi_diagnostic self:capability { setgid setuid };
+allow wifi_diagnostic wpa_data_file:dir w_dir_perms;
+allow wifi_diagnostic wpa_data_file:sock_file { create setattr write unlink };
+allow wifi_diagnostic hal_wifi_supplicant_default:unix_dgram_socket sendto;
+allow wifi_diagnostic vendor_file:file execute_no_trans;
+allow wifi_diagnostic vendor_file:dir r_dir_perms;
+
+# property
+get_prop(wifi_diagnostic, vendor_wifi_diagnostic_prop)
+set_prop(wifi_diagnostic, vendor_wifi_diagnostic_prop)
+')